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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1)E3 Responsive to communication^) filed on 24 June 2004 . 
2a)D This action is FINAL. 2b)^ This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) E] Claim(s) 7-23 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) S Claim(s) 7-23 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 1 1 9 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1) M Notice of References Cited (PTO-892) 

2) Notice of Draftsperson's Patent Drawing Review (PTO-948) 

3) CD Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 

Paper No(s)/Mail Date . 



4) O Interview Summary (PTO-413) 

Paper No(s)/Mail Date. . 

5) d] Notice of Informal Patent Application (PTO-1 52) 

6) □ Other: . 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 1-04) 



Office Action Summary 



Part of Paper No./Mail Date 17 



Serial Number: 09/924,391 
Art Unit: 2155 



Page 2 
Paper No. 17 



DETAILED ACTION 
Claim Rejections - 35 (JSC § 102 

1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 



A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 



2. Claims 1-4, 6-8, 10-17, and 20-22 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Conklin etal (Hereafter, Conklin), U.S. Pat. No. 5,991,881. 

Regarding claim 1, Conklin clearly teaches a method for processing network 
accounting information, comprising receiving accounting information over a packet- 
switched network, monitoring at least one aspect of the received accounting information 
(= traffic information including attack data such as date/time, packet type, attack type 
source/destination addresses) [see Fig. 7], and discarding at least a portion of the 
accounting information based on the monitored aspect (i.e., network traffic 
measurement and monitoring for reporting information about captured packets and 
detecting intrusion into the network and into computers connected to the network for 
denial of service) [see Abstract and Figs. 6-9 and Col. 1 , Line 10 - Col. 2, Line 4]. 
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Regarding claim 2, Conklin further teaches the accounting information is 
discarded for providing a defense against network attacks (i.e., against network 
intruder) [see Abstract]. 

Regarding claim 3, Conklin further teaches the accounting information is 
discarded for dealing with heavy network traffic (i.e., monitoring and analyzing the traffic 
communication) [see Fig. 6]. 

Regarding claim 4, Conklin further teaches generating a summary of the 
accounting information (i.e., reported of collected information and stored information in 
the database) [see Col. 4, Line 52 - Col. 5, Line 45]. 

Regarding claim 6, Conklin further teaches monitoring the at least one aspect of 
the received accounting information includes detecting a scan of a plurality of Internet 
Protocol (IP) addresses (i.e., detecting IP address) [see Col. 5, Lines 26-45 and Col. 6, 
Lines 44-60]. 

Regarding claims 7-8, Conklin further teaches monitoring the at least one aspect 
of the received accounting information includes monitoring a rate of receipt of the 
accounting information and whether the rate of receipt of the accounting information 
exceeds a predetermined amount (i.e., monitoring and collecting network data such as 
traffic over time) [see Figs. 6-8 and Col. 4, Lines 30-67]. 
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Regarding claim 10, Conklin further teaches the network includes the Internet 
(i.e., using TCP/IP suggests the network attached to the Internet) [see Col. 3, Lines 15- 
21]. 

Claim 1 1 is rejected under the same rationale set forth above to claim 1 . 
Claims 12-14 are rejected under the same rationale set forth above to claims 2-4, 
respectively. 

Claims 1 5-1 7 are rejected under the same rationale set forth above to claims 6-8, 
respectively. 

Claims 20-22 are rejected under the same rationale set forth above to claim 1 . 



3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 5 and 18 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Conklin et al (Hereafter, Conklin), U.S. Pat. No. 5,991,881 in view of Gleichauf et al 
(Hereafter, Gleichauf), U.S. Pat. No. 6,301,668. 

Regarding claim 5, Conklin does not explicitly teach monitoring the at least one 
aspect of the received accounting information includes detecting a scan of a plurality of 
ports. However, Gleichauf in the same field of network security vulnerability assessment 



Claim Rejections - 35 USC § 103 



Serial Number: 09/924,391 
Art Unit: 2155 



Page 5 
Paper No. 17 



endeavor, discloses portscan detection [see Col. 7, Lines 41-60]. It would have been 
obvious to one of ordinary skill in the art at the time of the invention was made to scan 
the ports in order to track down ongoing attacks and identifying potential intrusions on 
the network and system connected to the network. 

Claim 18 is rejected under the same rationale set forth above to claim 5. 

5. Claims 9 and 19 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Conklin et al (Hereafter, Conklin), U.S. Pat. No. 5,991 ,881 in view of Trcka et al 
(Hereafter, Trcka), U.S. Pat. No. 6,453,345. 

Regarding claim 9, Conklin does not explicitly teach monitoring the at least one 
aspect of the received accounting information includes monitoring a load on a system 
receiving the accounting information. However, Trcka in the same field of network 
security traffic monitoring endeavor, discloses monitoring and collecting statistic 
information such as traffic load [see Col. 21 , Lines 24-28]. It would have been obvious 
to one of ordinary skill in the art at the time of the invention was made to monitor a load 
on the system in order to avoid traffic congestion and overload problems. 

Claim 19 is rejected under the same rationale set forth above to claim 9. 



5. Claim 23 is rejected under 35 U.S.C. 103(a) as being unpatentable over Conklin 
et al (Hereafter, Conklin), U.S. Pat. No. 5,991,881 in view of Gleichauf et al (Hereafter, 
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Gleichauf), U.S. Pat. No. 6,301 ,668 and further in view of Trcka et al (Hereafter, Trcka), 
U.S. Pat. No. 6,453,345. 

Regarding claim 23, Conklin teaches a method for processing network 
accounting information, comprising receiving accounting information over a packet- 
switched network, monitoring at least one aspect of the received accounting information 
(= traffic information including attack data such as date/time, packet type, attack type 
source/destination addresses) [see Fig. 7], and discarding at least a portion of the 
accounting information based on the monitored aspect (i.e., network traffic 
measurement and monitoring for reporting information about captured packets and 
detecting intrusion into the network and into computers connected to the network for 
denial of service) [see Abstract and Figs. 6-9 and Col. 1, Line 10 - Col. 2, Line 4]. 
Conklin further teaches generating a summary of the accounting information (i.e., 
reported of collected information and stored information in the database) [see Col. 4, 
Line 52 - Col. 5, Line 45], detecting a scan of a plurality of Internet Protocol (IP) 
addresses (i.e., detecting IP address) [see Col. 5, Lines 26-45 and Col. 6, Lines 44-60], 
and monitoring a rate of receipt of the accounting information and whether the rate of 
receipt of the accounting information exceeds a predetermined amount (i.e., monitoring 
and collecting network data such as traffic over time) [see Figs. 6-8 and Col. 4. Lines 
30-67]. 

Conklin does not explicitly teach detecting a scan of a plurality of ports. 
However, Gleichauf in the same field of network security vulnerability assessment 
endeavor, discloses portscan detection [see Col. 7, Lines 41-60]. It would have been 
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obvious to one of ordinary skill in the art at the time of the invention was made to scan 
the ports in order to track down ongoing attacks and identifying potential intrusions on 
the network and system connected to the network. 

In addition, Conklin does not explicitly teach monitoring a load on a system 
receiving the accounting information. However, Trcka in the same field of network 
security traffic monitoring endeavor, discloses monitoring and collecting statistic 
information such as traffic load [see Col. 21 , Lines 24-28]. It would have been obvious 
to one of ordinary skill in the art at the time of the invention was made to monitor a load 
on the system in order to avoid traffic congestion and overload problems. 



7. The following references cited by the examiner but not relied upon are 
considered pertinent to applicant=s disclosure. 

A) Vaidya, U.S. Pat. No. 6,279,113. 
,B) Porrasetal, U.S. Pat. No. 6,321,338. 
C) Shanklin et ai, U.S. Pat. No. 6,578,147. 

8. A SHORTENED STATUTORY PERIOD FOR RESPONSE TO THIS ACTION IS 
SET TO EXPIRE THREE MONTHS, OR THIRTY DAYS, WHICHEVER IS LONGER, 
FROM THE MAILING DATE OF THIS COMMUNICATION. FAILURE TO RESPOND 
WITHIN THE PERIOD FOR RESPONSE WILL CAUSE THE APPLICATION TO 
BECOME ABANDONED (35 U.S.C. 133). EXTENSIONS OF TIME MAY BE 
OBTAINED UNDER THE PROVISIONS OF 37 CAR 1.136(A). 



Other References Cited 
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9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Philip Tran whose telephone number is (703) 308-8767. 
The Group fax phone number is (703) 872-9306. 

If attempts to reach the examiner by telephone are unsuccessful, the examiners 
supervisor, Hosain T. Alam, can be reached on (703) 308-6662. 

Any inquiry of a general nature or relating to the status of this application should 
be directed to the Group receptionist whose telephone number is (703) 305-3900. 



Philip B. Tran 
Art Unit 21 55 
September 10, 2004 




